GRANT SELECT ON ALL TABLES IN SCHEMA public TO readonly;
只读用户可以连接,查看表,但当它尝试执行简单的select操作时,它会得到:
ERROR: permission denied for relation mytable
SQL state: 42501
这发生在PostgreSQL 9.1上
我做错了什么?
发布于 2012-11-22 19:20:03
这是最近更新的PostgreSQL 9+的完整解决方案。
CREATE USER readonly WITH ENCRYPTED PASSWORD 'readonly';
GRANT USAGE ON SCHEMA public to readonly;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO readonly;
-- repeat code below for each database:
GRANT CONNECT ON DATABASE foo to readonly;
\c foo
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO readonly; --- this grants privileges on new tables generated in new database "foo"
GRANT USAGE ON SCHEMA public to readonly;
GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO readonly;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO readonly;
感谢https://jamie.curle.io/creating-a-read-only-user-in-postgres/的几个重要方面
如果有人找到更短的代码,并且最好是能够对所有现有数据库执行此操作的代码,请给予额外的赞誉。
发布于 2012-11-22 02:36:00
尝试添加
GRANT USAGE ON SCHEMA public to readonly;
您可能没有意识到,为了使用模式中的对象,需要拥有模式所需的权限。
发布于 2015-07-16 14:28:24
确保您的用户具有其角色的属性。例如:
postgres=# \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------+-----------
flux | | {}
postgres | Superuser, Create role, Create DB, Replication | {}
执行以下命令后:
postgres=# ALTER ROLE flux WITH Superuser;
ALTER ROLE
postgres=# \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------+-----------
flux | Superuser | {}
postgres | Superuser, Create role, Create DB, Replication | {}
它解决了这个问题。
有关角色和其他内容,请参阅此处的教程:https://www.digitalocean.com/community/tutorials/how-to-use-roles-and-manage-grant-permissions-in-postgresql-on-a-vps--2
https://stackoverflow.com/questions/13497352
复制相似问题